Setting up trust between Administration Console and BI Server
By default, the BI Server will trust PAC if PAC is accessed via localhost
or 127.0.0.1
. "Trust" here means that any requests from a configured set of IP addresses are assumed pre-authenticated. Pre-authenticated means that the caller (i.e. PAC) took care of authenticating the user. PAC never sends a password; all that is communicated between PAC and the BI Server is the name of the user as which to run.
- Stop PAC.
- Stop the BI Server.
- Open
biserver-ce/tomcat/webapps/pentaho/WEB-INF/web.xml
.- Search for
TrustedIpAddrs
. - The
param-value
immediately belowTrustedIpAddrs
is a comma-separated list of IP addresses that should be trusted. Add the IP address of the host running PAC.
- Search for
- Open
administration-console/resource/config/console.xml
.- Search for
platform-username
. - Replace the value (default is joe) with the username of an admin as which the BI Server should run all requests.
- Search for
- Start the BI Server.
- Start PAC.
Troubleshooting
- If the IP address is configured incorrectly, you will get the following error dialog in PAC:
Unable to connect to BI Server. Confirm user credentials and web setting XML configuration.
- If the username in
console.xml
is not found, you will get the following error dialog in PAC:
And in the server log you will see the following error:HTTP/1.1 500 Internal Server Error
org.springframework.security.userdetails.UsernameNotFoundException: User not found